Since its launch in 1987, the ISO 9001 standard has stipulated the requirements for a certifiable Quality Management System (QMS) to ensure the consistent manufacturing of reliable, high-grade products. The ISO 9000 family for QMS provides organizations with the necessary guidance and tools for increased product quality, customer satisfaction, and a sustainable methodology to identify improvement. The new version of ISO 9001:2015 QMS, due to be published by September 2015, will center on managing risks in an efficient manner.

MetricStream

ISO 9001:2015Discovers Risk-Based Thinking

ISO 9001 over the Years The International Organization for Standardization (ISO) was founded in 1946 to establish a common set of standards in trade, manufacturing, and technology, and it comprises national standards institutes and organizations of 163 countries worldwide. Every five years, the entire suite of ISO standards undergoes an overhaul to keep it current and updated.

ISO 9001 provides a quality management standard for employees, facilities, infrastructure, training, services, and equipment across the enterprise. It was first developed in 1987 from the military, American National Standards institute (ANSI), Canadian Standards Association (CSA) and British Standards Institute (BSI) standards with 20 elements, also known as ‘buckets’.

In 1994, this standard went through a minor revision with many additions and changes such as new requirements for a quality manual, quality planning and design validation. In 2000, the ISO 9001 was re-sequenced based on the process approach and the PDCA cycle and the eight quality management principles became its foundation. 2008 saw a minor revision to ISO 9001 clarifying some clauses and closing a few loopholes.

The 9001:2015 revision started in 2013 with the Committee Draft (CD) – the first consultation in the revision of an ISO standard. After making necessary changes based on public comments, the Draft International Standard (DIS) was published in May 2014. The Final Draft International Standard (FDIS) has just been released, and the final version of ISO 9001:2015 will be officially published in September 2015.

Where do Enterprises Stand with the New Version? ISO 9001:2015 version is currently being updated and will adopt Annex SL which is a common ISO management system text. This standard language will be adopted across all ISO standards and will make it easier for enterprises with integrated management systems that need to conform to more than one standard.

In addition, the revised standard places emphasis on risk-based thinking. This version will help companies address the latest and advanced internal and external challenges in their respective business operations. Another focal point of this revised version is to reflect the needs of all interested parties – either external or internal. The two main groups of focus are: external providers and customers. Considering that ideally business goals are to improve customer satisfaction, the objective of the QMS is to improve an organization’s ability to identify and fulfill customer and legal requirements.

The understanding is that a well-implemented QMS adds business value and is essentially a business management system, making it vital to link quality management policies to business strategies. This approach allows for greater alignment of QMS strategies and objectives to the overall strategy of the organization while enabling organizations to efficiently adapt to changes in the business-world. Enterprises currently certified to ISO 9001 will be given a three-year transition period to switch to the new revision.

The new version of ISO 9001:2015 also has undergone the following changes that include:

Changes in the use of terms, ‘documentation’, ‘documented procedure’ and ‘record’. These terms are replaced by an encompassing term: Documented Information.

Usage of the term ‘products and services’.

New requirements on managing changes which includes products and processes within the organization and QMS.

Leadership and commitment of top management to integrate QMS requirements with the organization’s business processes.

Information for external providers in terms of their access to the QMS and to provide feedback on their performance.

Improved focus on risk-based thinking.

The ISO 9001:2015 standard also includes specific clauses on the organization’s internal and external communication, and on making changes to the QMS in a methodical manner. This improves interactions within the organization and with external stakeholders thus providing the ability to control and track performance. A separate clause deals with post-delivery activities: under this clause, organizations have to consider the risks associated with their products and services, lifetime of products, customer feedback, and regulatory requirements.

Context of the organization is a fairly new concept in the 2015 version and it significantly expands the scope of the standard and broadens its perspective. According to this novel concept, enterprises need to understand and define the impact of various parameters (both internal and external) on the organization, and their influence on QMS, strategic direction, business objectives, company’s culture and people, flow of processes and data, and size of the organization.

This clause requires an enterprise to have in-depth knowledge of the needs and expectations of interested parties such as direct customers, end users, suppliers, retailers, regulators, distributors, and the society at large. Based on this understanding, organizations must establish, implement, and enhance a QMS in order to meet the requirements of this standard.

Although most of the clauses under Resources (Section 6) of the current ISO standard remain untouched, the two new additions namely monitoring and measuring resources, and organizational knowledge have gained the attention of enterprises preparing for transition. According to this newly included section, an organization has to demonstrate the knowledge necessary for the operation of the quality management system and its initiatives, and to ensure standardized goods, services, and customer satisfaction.

MSI

NS_

MO

BILE

_AU

DIT_

May

29

ISO 9001: 2008 Vs ISO 9001:2015 As businesses begin their transition to the revised ISO 9001:2015 standard, it would be an appropriate time to get acquainted with the revisions made to its precursor by conducting a comparative study.

One of the major changes made to the ISO 9001:2008 version is the presentation of the standard itself. ISO 9001:2008 comprises eight sections, of which the last five pertain to the establishment of a QMS that is auditable and viable. These five sections are translated into seven sections in ISO 9001:2015. Also, 2015 introduces a number of clauses1 such as:

Context of the organization

Leadership

Support

Operations

Introduction of concepts on risks and opportunities

In addition, ISO 9001:2015 removes some of the biggest non-value adds such as:

The requirement for developing a quality manual.

The management representative requirement. However the standard still requires the organization’s leadership to assign responsibility for those duties formerly allocated to the management representative role, including reporting on the system’s effectiveness for top management review.

The six documented procedures namely document control, record control, internal audit, control of nonconforming product, corrective action, and preventive action.

The term ‘preventive action’ and a requirement to fulfill the same. The removal of this particular term clearly shows that the revision’s goal is focused more on enhanced risk management by an enterprise’s QMS. Clause 4.1 of the draft requires organizations to detect and address risks in a timely manner in order for the QMS to deliver upon its goals. The revised standard does not demand a formal risk management system for the prevention or mitigation of risks, but requires organizations to determine the status of their risk profile.

Email: info@metricstream.comUS: +1-650-620-2955 Europe: +41-615-880-111 UK: +44-203-318-8554

© 2015 Copyright MetricStream. All Rights Reserved. India: +91 80 4962 8000 UAE: +971 50 7217139 Australia: +61-870-708-014

ISO 9001:2015- Encouraging Risk Based Thinking Although the ISO 9001:2008 standard implicitly called for some risk assessment, the 2015 revision calls it out explicitly, often pairing risk with opportunity to provide a holistic overview of prevention of risks and promotion of opportunities. In sections 4-10 there are 14 references to risk and 16 references to opportunity.

The new version of ISO requires devising methodologies to address risks and opportunities, consolidate and incorporate those actions into quality management processes, and assess the effectiveness of these actions. Adopting risk-based thinking on an enterprise level would result in increased customer credibility, proactive prevention methodologies, and consistent delivery of quality products and services.

Organizations currently using ISO 9001:2008 have to conduct a gap analysis in order to meet the new requirements, develop an implementation plan, and provide adequate training to all the concerned parties that directly impact the efficiency of an organization.

Technology as an Enabler for Quality Management Since the scope of ISO standard has broadened, it requires consolidation of information to improve decision making and action management. The organizational changes and the evolution of quality standards call for an effective technology-assisted solution consisting of consolidation of information, risk based quality management, knowledge management, compliance management and training.

Businesses have started to embrace integrated solution suites to combine and standardize global quality initiatives in one centralized platform. It helps automate end-to-end quality management programs, processes, maximize performance of quality initiatives, reduce costs, and provide greater transparency and consistency into governance processes. Technology solutions provide complete flexibility for organizations to adopt specific Apps and solutions for supplier, product information management, document management, quality audit, non-conformance and corrective, preventive action management, risk management, compliance management, inspection management, complaints management, training management and change management.

The internal and extended ecosystem involving suppliers, vendors, contractors, service providers, third parties, and regulatory affairs contribute to numerous risks relating to quality, environment, operations, supply chain, and

production. Technology solutions help adopt a risk-based approach to quality management which will enable organizations to understand the interconnections, linkages and relationships between internal and external quality risks, aspects of compliance that is critical to achieving business performance.

It allows organizations to adopt a standardized approach to managing quality risks including risk identification, risk analysis, risk aggregation, risk evaluation, followed by alleviation and reporting. A technology-enabled QMS offers mobility, facilitates optimization for better user experience, supports for offline and online access seamlessly, enhances collaboration functionalities, and provides automatic synchronization capabilities.

Conclusion The revised ISO 9001 standard based on Annex SL is expected to be published in September 2015. The new High Level Structure (HLS) provides a common framework for all management systems and will ensure complete integration of quality management with business strategies while a greater emphasis on leadership will enhance motivation and support from top management towards achieving organizational goals and objectives. The introduction of risk- and opportunity-based thinking will help drive organizations to develop a more comprehensive view of business risks and opportunities enabling them to make continuous improvements across their business processes. And the integrated approach outlined in ISO 9001:2015 will make it easy for organizations to quality management part of their integrated management system for a unified and transparent approach to managing quality across suppliers, internal operations and customers.

1 http://www.bsigroup.com/en-IN/ISO-9001-Quality-Management/ISO-9001-revision-2015/

By Richard Hill: Independent QMS Lead Auditor, Trainer & Consultant

Swapnil Srivastav: Assistant Manager, Product Marketing, MetricStream